A pragmatic solution to improve the security of your organization in times of Covid-19
It is not far-fetched to say Covid-19 has and will change the way we work and do business. And if you apply Information Security perspective to this view, the challenge is even bigger. With mass lockdowns across the world and millions of people working from home accessing business-critical, proprietary and confidential data from laptops and home PCs, organizations are faced with grave prospects of enhanced risks and data breaches.
Even in the business as usual times, ramping up security and meeting statutory compliances has been daunting for many organizations. It needs organizations to assess their security maturity and the business risk involved in moving their maturity from the current low (IST) situation to a better (SOLL) situation. Bridging this gap involves huge costs, effort, time and a trusted advisor who can guide through the rigorous implementation. Now let’s fast forward to the present time, not only does this process remain the same but the risks have magnified leading organizations to walk a tight rope trying to balance security risks and arduous implementations.
Applying my decades of experience in this field, I have arrived at a middle path so to say – a pragmatic, practical approach that can safeguard an organization’s immediate and urgent interests in these uncertain times and set it on a path for long term continuous compliance. In this approach, I propose an organization evaluates its current (IST) situation and defines where it wants to be (SOLL) and then moves towards it applying a step-by-step improvement plan. In other words, close the business risk driven ‘initial’ gap after evaluating the organization’s risk appetite and the organizational absorption for change. Of course, this approach needs to be iteratively checked to arrive at the next steps of improvements to implement.
Closing the initial gap will achieve two key things: one, it will set the organization on a path for full compliance and secondly, it will allow the organization precious insights into the business risks involved, equipping it with tools and ways to enable the next steps of improvement. Step-by-step improvement enables learning and adapting, in lieu of a misleading recipe of a best practice solution, which may put the organization on a path of very high risks and costs.